Thread: FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack
View Single Post
  #2  
Old January 6th 08, 12:54 PM posted to rec.aviation.piloting
Bob Noel
external usenet poster
  
Posts: 1,374
Default FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack
In article ,
Larry Dighera wrote:

How naïve of Bowing to think that there computer is not hackable:


http://www.wired.com/politics/securi...liner_security
Boeing's new 787 Dreamliner passenger jet may have a serious
security vulnerability in its onboard computer networks that could
allow passengers to access the plane's control systems, according
to the U.S. Federal Aviation Administration. The computer network
in the Dreamliner's passenger compartment, designed to give
passengers in-flight internet access, is connected to the plane's
control, navigation and communication systems, an FAA report
reveals...

According to the FAA document

http://frwebgate6.access.gpo.gov/cgi...=486816490816+
0+0+0&WAISaction=retrieve
published in the Federal Register (mirrored at Cryptome.org
http://cryptome.org/faa010208.htm), the vulnerability exists
because the plane's computer systems connect the passenger network
with the flight-safety, control and navigation network. It also
connects to the airline's business and administrative-support
network, which communicates maintenance issues to ground crews...

Notice that the Special Condition published in the 13 April 2007 Federal
Register (and later on 2 Jan 2008) adds the following requirement
for the 787 Type Certificate:

"The design shall prevent all inadvertent or malicious changes
to, and all adverse impacts upon, all systems, networks, hardware,
software, and data in the Aircraft Control Domain and in the Airline
Information Domain from all points within the Passenger Information
and Entertainment Domain."

If complied with, why complain?


of course, several questions come to mind:

1) Exactly what is the extent of the connection (physical and logical) between
cabin systems and cockpit systems? Unfortunately, the specifics are likely
to be considered proprietary and not in the public domain.

2) Why have any connection at all? I don't know if Boeing has publically stated
why, but allow me to posit that perhaps Boeing engineers believed that airlines
needed a means to monitor non-criticals systems and send aircraft status
information to their airline operations centers. There are architectures and
boundary control devices that tightly control the flow and format of information
across network boundaries.

I can envision architectures that would provide adequate protection. They
exist today in the security/classified domains. I'm interested in knowing why
Boeing would want to go through the pain of implementing such architectures
and educating their engineers, DERs, and ATO folks.


btw - I don't think Boeing is dumb enough to think that computers are not
hackable, even Boeing management, and maybe even Boeing lawyers (ok,
maybe the lawyers are dumb enough).

--
Bob Noel
(goodness, please trim replies!!!)